September 27th, 2006, 11:14 PM
MITM VPN attack?
so i know how MITM ssl attacks work, and sinse VPN's use asyncronis key exchange just like ssl... would it be possible to to perform the same type of attack.
Fool the user into thinking you're the correct vpn server, and fool the real server into thinking your the correct user?
With the user using your public/private key, it would then be possible to decrypt his traffic and see the communication. Im more interested in decrypting the isakmp traffic instead of the ipsec. Although both should be possible.
I've talked it over with a few people, all think its possible, but im opening it up for public debate, any thoughts? And if this has been done before, can any one recomend a tool?